11-02-2007 06:01 AM
Hello,
I'm having Cisco 506e firewall & WIn2003 SBS server.My client's are using Windows Vista Business.I had created the VPN connection on that, while verying username & password it gets stuck & after that it shows error as error 732 Your computer & remote computer does not allow PPP protocols.
Please help me on this, it would be really appreciated.
Solved! Go to Solution.
11-15-2007 09:58 AM
Hello,
Can you take out the following line from you config and try again.
access-group 101 in interface outside
isakmp identity address
When you post configs in the future can you remove the interesting details such as ip addresses and usernames/passwords. It's too tempting for some people.
What version of the Cisco client do you have for the Vista machines, I use 5.0.00.0340 and that works ok.
11-03-2007 05:57 PM
Sagars, when you say your windows vista vpn clients I assume clients are using microsoft PPTP vpn client from windows, and your pix 506e is configured to accept inbound pptp connections from outside, is this is correct go over these two links, two key points you need is permitting pptp protocol 1723 and GRE.
PIX sample config for use with pptp inbound clients
PPTP/GRE backround
Rgds
Jorge
11-04-2007 07:33 PM
Thanks Jorge for your prompt response.
I had configured the pix to use PPTP protocols, it is working fine with Windows XP but not on Windows Vista.Its showing the error as error 732.
11-04-2007 01:01 PM
Was Vista Business installed fresh or as an upgrade? What v. of the Vista client are you using? Is your firewall up or down? Do you have 3rd-party firewall/AV/etc.?
Vista upgrades are not supported with the VPN client -- only Vista clean installs (see readme).
11-07-2007 02:21 AM
The problem here is likely to be Vista. Vista is set as default to ms-chap-v2 and require encryption. You can change the settings under the vpn properties to use chap and optional encryption.
You can also add the following to the vpdn group configuration - ppp encryption mppe 40 if not there already which will enable the encryption on the pix.
Ms-chap-v2 is available on version 7 os releases but i don't think the 506e will support these.
11-07-2007 03:29 AM
thanks for your response,
can we upgrade 506e to the latest version because i tried to change the security settings but it is not working.
11-07-2007 04:58 AM
The pix 506e is not supported under version 7 so you will not be able to upgrade.
I do have Vista clients running to 501's that are on version 6 so you should be able to get it running.
Can you post your vpdn config, there may be something missing that is required for Vista.
The other option is to use the Cisco vpn client for the connection.
11-07-2007 05:14 AM
I installed The Cisco Client as
Cisco Systems VPN Client 5.0.01.0600 but still its not connecting.
I changed the settings in pix 506e to allow the VPN clients,it worked from Windows XP but still its not working from Windows Vista.
Please reply
11-07-2007 05:18 AM
The cisco client will not connect to the vpdn config for pptp connections. You need to create a dynamic crypto map for these connections.
Before doing that can you post your vpdn config from the pix. We may be able to solve the problem from there.
11-11-2007 10:45 PM
11-15-2007 09:58 AM
Hello,
Can you take out the following line from you config and try again.
access-group 101 in interface outside
isakmp identity address
When you post configs in the future can you remove the interesting details such as ip addresses and usernames/passwords. It's too tempting for some people.
What version of the Cisco client do you have for the Vista machines, I use 5.0.00.0340 and that works ok.
11-16-2007 03:28 AM
thanks for your suggesstion
yes, i'm using the version is 5.0.01.0600,
which one is the latest one??
11-16-2007 04:18 AM
thank you so much
finally, i had resolved my issue.
now, i'm able 2 connect to my server using the VPN client.
All credit goes to you andy
thanks opnce again
bye
11-16-2007 04:20 AM
No problem, glad to help.
11-18-2007 09:53 PM
thanks once again,
i want to know what was the problem in that & why need to delete that line from the config.
do you have any gmail or hotmail account so that we can be available on chat for some problems.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: